Fruity Trojan Uses Deceptive Software Installers to Spread Remcos RAT

silversurfer

silversurfer

Super Moderator
Thread author
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,547
Content source
https://thehackernews.com/2023/07/fruity-trojan-uses-deceptive-software.html
Threat actors are creating fake websites hosting trojanized software installers to trick unsuspecting users into downloading a downloader malware called Fruity with the goal of installing remote trojans tools like Remcos RAT.

"Among the software in question are various instruments for fine-tuning CPUs, graphic cards, and BIOS; PC hardware-monitoring tools; and some other apps," cybersecurity vendor Doctor Web said in an analysis. "Such installers are used as a decoy and contain not only the software potential victims are interested in, but also the trojan itself with all its components."

The exact initial access vector used in the campaign is unclear but it could potentially range from phishing to drive-by downloads to malicious ads. Users who land on the fake site are prompted to download a ZIP installer package.

The installer, besides activating the standard installation process, stealthily drops the Fruity trojan, a Python-based malware that unpacks an MP3 file ("Idea.mp3") to load an image file ("Fruit.png") to activate the multi-stage infection.

"This image file uses the steganography method to hide two executables (.dll libraries) and the shellcode for the next-stage initialization inside it," Doctor Web said.

Fruity is also designed to bypass antivirus detection on the compromised host and ultimately launch the Remcos RAT payload using a technique called process doppelgänging.
Click to expand...
 
  • Like
  • +Reputation
  • Wow
Reactions: plat, vtqhtr413, brambedkar59 and 5 others
cartaphilus

cartaphilus

Level 12
Well-known
Mar 17, 2023
575
The use of stenography to hide an infectious executable within a picture of a fruit is a complex and sophisticated technique. If only that mental power could be used for the betterment of humanity, imagine what we could accomplish as a collective!

And of all the vendors it was Dr. Web who detected it!??? I think of Dr. Web on the same terms as Dr. Nick from Simpsons.
 
Xeno1234

Xeno1234

Level 14
Jun 12, 2023
684
cartaphilus said:
The use of stenography to hide an infectious executable within a picture of a fruit is a complex and sophisticated technique. If only that mental power could be used for the betterment of humanity, imagine what we could accomplish as a collective!

And of all the vendors it was Dr. Web who detected it!??? I think of Dr. Web on the same terms as Dr. Nick from Simpsons.
Click to expand...
If Dr Web got it, high chance Kaspersky nags with at least in some way.
 
You must log in or register to reply here.

Similar threads

Bot
    • Like
    • +Reputation
Security News New Phishing Attack Uses Clever Microsoft Office Trick to Deploy NetSupport RAT
Replies
0
Views
1,225
Security News
Bot
Bot
Gandalf_The_Grey
    • Like
    • +Reputation
    • Wow
Malware News Malware force-installs Chrome extensions on 300,000 browsers, patches DLLs
Replies
13
Views
3,210
Security News
Trident
Trident
silversurfer
    • Like
    • +Reputation
    • Thanks
RomCom RAT Using Deceptive Web of Rogue Software Sites for Covert Attacks
Replies
1
Views
938
News Archive
Andy Ful
Andy Ful

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top